Add OTP hardware key support to plat-ti

core/arch/arm/plat-ti/conf.mk

@@ -15,6 +15,7 @@ $(call force,CFG_PL310_LOCKED,y)
 $(call force,CFG_SECURE_TIME_SOURCE_REE,y)
 arm32-platform-cpuarch		:= cortex-a9
 else
+CFG_OTP_SUPPORT ?= y
 $(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
 $(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
 arm32-platform-cpuarch		:= cortex-a15

core/arch/arm/plat-ti/main.c

@@ -40,15 +40,19 @@
 #include <kernel/misc.h>
 #include <kernel/mutex.h>
 #include <kernel/tee_time.h>
+#include <kernel/tee_common_otp.h>
 #include <mm/core_mmu.h>
 #include <mm/core_memprot.h>
 #include <tee/entry_std.h>
 #include <tee/entry_fast.h>
 #include <console.h>
 #include <sm/sm.h>
 
+#define PLAT_HW_UNIQUE_KEY_LENGTH 32
+
 static struct gic_data gic_data;
 static struct serial8250_uart_data console_data __early_bss;
+static uint8_t plat_huk[PLAT_HW_UNIQUE_KEY_LENGTH];
 
 register_phys_mem(MEM_AREA_IO_SEC, SECRAM_BASE, SECRAM_SIZE);
 register_phys_mem(MEM_AREA_IO_SEC, GICC_BASE, GICC_SIZE);
@@ -125,38 +129,45 @@ struct plat_nsec_ctx {
 	uint32_t mon_spsr;
 };
 
+struct plat_boot_args {
+	struct plat_nsec_ctx nsec_ctx;
+	uint8_t huk[PLAT_HW_UNIQUE_KEY_LENGTH];
+};
+
 void init_sec_mon(unsigned long nsec_entry)
 {
-	struct plat_nsec_ctx *plat_ctx;
+	struct plat_boot_args *plat_boot_args;
 	struct sm_nsec_ctx *nsec_ctx;
 
-	plat_ctx = phys_to_virt(nsec_entry, MEM_AREA_IO_SEC);
-	if (!plat_ctx)
+	plat_boot_args = phys_to_virt(nsec_entry, MEM_AREA_IO_SEC);
+	if (!plat_boot_args)
 		panic();
 
 	/* Invalidate cache to fetch data from external memory */
 	cache_op_inner(DCACHE_AREA_INVALIDATE,
-			plat_ctx, sizeof(*plat_ctx));
+			plat_boot_args, sizeof(*plat_boot_args));
 
 	/* Initialize secure monitor */
 	nsec_ctx = sm_get_nsec_ctx();
 
-	nsec_ctx->mode_regs.usr_sp = plat_ctx->usr_sp;
-	nsec_ctx->mode_regs.usr_lr = plat_ctx->usr_lr;
-	nsec_ctx->mode_regs.irq_spsr = plat_ctx->irq_spsr;
-	nsec_ctx->mode_regs.irq_sp = plat_ctx->irq_sp;
-	nsec_ctx->mode_regs.irq_lr = plat_ctx->irq_lr;
-	nsec_ctx->mode_regs.svc_spsr = plat_ctx->svc_spsr;
-	nsec_ctx->mode_regs.svc_sp = plat_ctx->svc_sp;
-	nsec_ctx->mode_regs.svc_lr = plat_ctx->svc_lr;
-	nsec_ctx->mode_regs.abt_spsr = plat_ctx->abt_spsr;
-	nsec_ctx->mode_regs.abt_sp = plat_ctx->abt_sp;
-	nsec_ctx->mode_regs.abt_lr = plat_ctx->abt_lr;
-	nsec_ctx->mode_regs.und_spsr = plat_ctx->und_spsr;
-	nsec_ctx->mode_regs.und_sp = plat_ctx->und_sp;
-	nsec_ctx->mode_regs.und_lr = plat_ctx->und_lr;
-	nsec_ctx->mon_lr = plat_ctx->mon_lr;
-	nsec_ctx->mon_spsr = plat_ctx->mon_spsr;
+	nsec_ctx->mode_regs.usr_sp = plat_boot_args->nsec_ctx.usr_sp;
+	nsec_ctx->mode_regs.usr_lr = plat_boot_args->nsec_ctx.usr_lr;
+	nsec_ctx->mode_regs.irq_spsr = plat_boot_args->nsec_ctx.irq_spsr;
+	nsec_ctx->mode_regs.irq_sp = plat_boot_args->nsec_ctx.irq_sp;
+	nsec_ctx->mode_regs.irq_lr = plat_boot_args->nsec_ctx.irq_lr;
+	nsec_ctx->mode_regs.svc_spsr = plat_boot_args->nsec_ctx.svc_spsr;
+	nsec_ctx->mode_regs.svc_sp = plat_boot_args->nsec_ctx.svc_sp;
+	nsec_ctx->mode_regs.svc_lr = plat_boot_args->nsec_ctx.svc_lr;
+	nsec_ctx->mode_regs.abt_spsr = plat_boot_args->nsec_ctx.abt_spsr;
+	nsec_ctx->mode_regs.abt_sp = plat_boot_args->nsec_ctx.abt_sp;
+	nsec_ctx->mode_regs.abt_lr = plat_boot_args->nsec_ctx.abt_lr;
+	nsec_ctx->mode_regs.und_spsr = plat_boot_args->nsec_ctx.und_spsr;
+	nsec_ctx->mode_regs.und_sp = plat_boot_args->nsec_ctx.und_sp;
+	nsec_ctx->mode_regs.und_lr = plat_boot_args->nsec_ctx.und_lr;
+	nsec_ctx->mon_lr = plat_boot_args->nsec_ctx.mon_lr;
+	nsec_ctx->mon_spsr = plat_boot_args->nsec_ctx.mon_spsr;
+
+	memcpy(plat_huk, plat_boot_args->huk, sizeof(plat_boot_args->huk));
 }
 
 void console_init(void)
@@ -165,3 +176,12 @@ void console_init(void)
 			     CONSOLE_UART_CLK_IN_HZ, CONSOLE_BAUDRATE);
 	register_serial_console(&console_data.chip);
 }
+
+#if defined(CFG_OTP_SUPPORT)
+
+void tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey)
+{
+	memcpy(&hwkey->data[0], &plat_huk[0], sizeof(hwkey->data));
+}
+
+#endif